< draft-hallambaker-mesh-udf-03.txt   draft-hallambaker-mesh-udf-04.txt >
Network Working Group P. Hallam-Baker Network Working Group P. Hallam-Baker
Internet-Draft July 3, 2019 Internet-Draft July 8, 2019
Intended status: Informational Intended status: Informational
Expires: January 4, 2020 Expires: January 9, 2020
Mathematical Mesh 3.0 Part II: Uniform Data Fingerprint. Mathematical Mesh 3.0 Part II: Uniform Data Fingerprint.
draft-hallambaker-mesh-udf-03 draft-hallambaker-mesh-udf-04
Abstract Abstract
This document describes the naming and addressing schemes used in the This document describes the naming and addressing schemes used in the
Mathematical Mesh. The means of generating Uniform Data Fingerprint Mathematical Mesh. The means of generating Uniform Data Fingerprint
(UDF) values and their presentation as text sequences and as URIs are (UDF) values and their presentation as text sequences and as URIs are
described. described.
A UDF consists of a binary sequence, the initial eight bits of which A UDF consists of a binary sequence, the initial eight bits of which
specify a type identifier code. Type identifier codes have been specify a type identifier code. Type identifier codes have been
skipping to change at page 2, line 20 skipping to change at page 2, line 20
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 4, 2020. This Internet-Draft will expire on January 9, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 5, line 18 skipping to change at page 5, line 18
referenced. referenced.
UDFs are typically presented to the user as a Base32 encoded sequence UDFs are typically presented to the user as a Base32 encoded sequence
in groups of five characters separated by dashes. This format in groups of five characters separated by dashes. This format
provides a useful balance between compactness and readability. The provides a useful balance between compactness and readability. The
type identifier codes have been selected so as to provide a useful type identifier codes have been selected so as to provide a useful
mnemonic when presented in Base32 encoding. mnemonic when presented in Base32 encoding.
The following are examples of UDF values: The following are examples of UDF values:
NBLC-XNXJ-JEYQ-U3MK-JN2R-Q5U4-SSBQ ND2H-S6YN-5PEI-7VCC-EABR-WQLC-QVTQ
EAEO-XJC5-33UX-4VS6-6RCR-N7OI-EI6A EBYX-SP24-RAEZ-BYVG-FJEN-TNW6-EYQQ
SAQE-KWFO-YAMT-TAIA-PV66-36X4-RBHN-M SAQH-5KQR-XCVN-UVWY-OJNB-QTG3-MJSM-I
MB5S-R4AJ-3FBT-7NHO-T26Z-2E6Y-WFH4 MB5S-R4AJ-3FBT-7NHO-T26Z-2E6Y-WFH4
KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN
AD2H-V6AG-KC5B-6DYX-DZR4-IBD5-4734 ADUE-MT5J-2IED-MT4Y-5C2B-7FK7-UJQW
Like email addresses, UDFs are not a Uniform Resource Identifier Like email addresses, UDFs are not a Uniform Resource Identifier
(URI) but may be expressed in URI form by adding the scheme (URI) but may be expressed in URI form by adding the scheme
identifier (UDF) for use in contexts where an identifier in URI identifier (UDF) for use in contexts where an identifier in URI
syntax is required. A UDF URI MAY contain a domain name component syntax is required. A UDF URI MAY contain a domain name component
allowing it to be used as a locator allowing it to be used as a locator
1.1.1. Cryptographic Keys and Nonces 1.1.1. Cryptographic Keys and Nonces
A Nonce (N) UDF represents a short, fixed length randomly chosen A Nonce (N) UDF represents a short, fixed length randomly chosen
binary value. binary value.
Nonce UDFs are used within many Mesh protocols and data formats where Nonce UDFs are used within many Mesh protocols and data formats where
it is necessary to represent a nonce value in text form. it is necessary to represent a nonce value in text form.
Nonce UDF: Nonce UDF:
NBLC-XNXJ-JEYQ-U3MK-JN2R-Q5U4-SSBQ ND2H-S6YN-5PEI-7VCC-EABR-WQLC-QVTQ
An Encryption/Authentication (E) UDF has the same format as a Random An Encryption/Authentication (E) UDF has the same format as a Random
UDF but is identified as being intended to be used as a symmetric key UDF but is identified as being intended to be used as a symmetric key
for encryption and/or authentication. for encryption and/or authentication.
KeyValue: KeyValue:
08 EB A4 5D DE E9 7E 56 5E F4 45 16 FD C8 22 3C 71 79 3F 5C 88 09 90 E2 A6 2A 48 D9 B6 DE 26 21
Encryption/Authenticator UDF: Encryption/Authenticator UDF:
EAEO-XJC5-33UX-4VS6-6RCR-N7OI-EI6A EBYX-SP24-RAEZ-BYVG-FJEN-TNW6-EYQQ
A Share (S) UDF also represents a short, fixed length binary value A Share (S) UDF also represents a short, fixed length binary value
but only provides one share in secret sharing scheme. Recovery of but only provides one share in secret sharing scheme. Recovery of
the binary value requires a sufficient number of shares. the binary value requires a sufficient number of shares.
Share UDFs are used in the Mesh to support key and data escrow Share UDFs are used in the Mesh to support key and data escrow
operations without the need to rely on trusted hardware. A share UDF operations without the need to rely on trusted hardware. A share UDF
can be copied by hand or printed in human or machine-readable form can be copied by hand or printed in human or machine-readable form
(e.g. QR code). (e.g. QR code).
Key: EAEO-XJC5-33UX-4VS6-6RCR-N7OI-EI6A Key: EBYX-SP24-RAEZ-BYVG-FJEN-TNW6-EYQQ
Share 0: SAQE-KWFO-YAMT-TAIA-PV66-36X4-RBHN-M Share 0: SAQH-5KQR-XCVN-UVWY-OJNB-QTG3-MJSM-I
Share 1: SAQY-DRNZ-EJJY-TA5K-TQDZ-NXX3-JB5X-A Share 1: SAQY-XWXE-CTG2-WHGO-H2E6-PP77-42RW-O
Share 2: SARL-4MWD-QSG5-TBSU-XKIT-7QX2-BCUA-U Share 2: SARJ-SC5W-ODYH-XYWE-BK43-OMZE-NLRA-U
1.1.2. Fingerprint type UDFS 1.1.2. Fingerprint type UDFS
Fingerprint type UDFs contains a fingerprint value calculated over a Fingerprint type UDFs contains a fingerprint value calculated over a
content data item and an IANA media type. content data item and an IANA media type.
A Content Digest type UDF is a fingerprint type UDF in which the A Content Digest type UDF is a fingerprint type UDF in which the
fingerprint is formed using a cryptographic algorithm. Two digest fingerprint is formed using a cryptographic algorithm. Two digest
algorithms are currently supported, SHA-2-512 (M, for Merkle Damgard) algorithms are currently supported, SHA-2-512 (M, for Merkle Damgard)
and SHA-3-512 (K, for Keccak). and SHA-3-512 (K, for Keccak).
skipping to change at page 6, line 46 skipping to change at page 6, line 46
SHA-3-512: KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN SHA-3-512: KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN
An Authentication UDF (A) is formed in the same manner as a An Authentication UDF (A) is formed in the same manner as a
fingerprint but using a Message Authentication Code algorithm and a fingerprint but using a Message Authentication Code algorithm and a
symmetric key. symmetric key.
Authentication UDFs are used to express commitments and to provide a Authentication UDFs are used to express commitments and to provide a
means of blinding fingerprint values within a protocol by means of a means of blinding fingerprint values within a protocol by means of a
nonce. nonce.
SHA-2-512: AD2H-V6AG-KC5B-6DYX-DZR4-IBD5-4734 SHA-2-512: ADUE-MT5J-2IED-MT4Y-5C2B-7FK7-UJQW
1.2. UDF URIs 1.2. UDF URIs
The UDF URI scheme allows use of a UDF in contexts where a URF is The UDF URI scheme allows use of a UDF in contexts where a URF is
expected. The UDF URI scheme has two forms, name and locator. expected. The UDF URI scheme has two forms, name and locator.
1.2.1. Name Form 1.2.1. Name Form
Name form UDF URIs identify a data resource but do not provide a Name form UDF URIs identify a data resource but do not provide a
means of discovery. The URI is simply the scheme (udf) followed by means of discovery. The URI is simply the scheme (udf) followed by
skipping to change at page 7, line 47 skipping to change at page 7, line 47
of the UDF value specified in the URI to the specified Web Service of the UDF value specified in the URI to the specified Web Service
Endpoint and performing a GET method request on the result. Endpoint and performing a GET method request on the result.
For example, Alice subscribes to Example.com, a purveyor of cat and For example, Alice subscribes to Example.com, a purveyor of cat and
kitten images. The company generates paper and electronic invoices kitten images. The company generates paper and electronic invoices
on a monthly basis. on a monthly basis.
To generate the paper invoice, Example.com first creates a new To generate the paper invoice, Example.com first creates a new
encryption key: encryption key:
EB3J-ZV2F-M5C3-MZHS-2CFF-JHQY-Q3G3-MH EBE4-KH3S-2YBP-LVBR-Y5SW-LGH4-IR2G-HG
One or more electronic forms of the invoice are encrypted under the One or more electronic forms of the invoice are encrypted under the
key EB3J-ZV2F-M5C3-MZHS-2CFF-JHQY-Q3G3-MH and placed on the key EBE4-KH3S-2YBP-LVBR-Y5SW-LGH4-IR2G-HG and placed on the
Example.com Web site so that the appropriate version is returned if Example.com Web site so that the appropriate version is returned if
Alice scans the QR code. Alice scans the QR code.
The key is then converted to form an EARL for the example.com UDF The key is then converted to form an EARL for the example.com UDF
resolution service: resolution service:
udf://example.com/EB3J-ZV2F-M5C3-MZHS-2CFF-JHQY-Q3G3-MH udf://example.com/EBE4-KH3S-2YBP-LVBR-Y5SW-LGH4-IR2G-HG
The EARL is then rendered as a QR code: The EARL is then rendered as a QR code:
[[This figure is not viewable in this format. The figure is [[This figure is not viewable in this format. The figure is
available at http://mathmesh.com/Documents/draft-hallambaker-mesh- available at http://mathmesh.com/Documents/draft-hallambaker-mesh-
udf.html [2].]] udf.html [2].]]
QR Code with embedded decryption and location key QR Code with embedded decryption and location key
A printable invoice containing the QR code is now generated and sent A printable invoice containing the QR code is now generated and sent
skipping to change at page 8, line 34 skipping to change at page 8, line 34
The UDF EARL locator shown above is resolved by first determining the The UDF EARL locator shown above is resolved by first determining the
Web Service Endpoint for the mmm-udf service for the domain Web Service Endpoint for the mmm-udf service for the domain
example.com. example.com.
Discover ("example.com", "mmm-udf") = Discover ("example.com", "mmm-udf") =
https://example.com/.well-known/mmm-udf/ https://example.com/.well-known/mmm-udf/
Next the fingerprint of the source UDF is obtained. Next the fingerprint of the source UDF is obtained.
UDF (EB3J-ZV2F-M5C3-MZHS-2CFF-JHQY-Q3G3-MH) = UDF (EBE4-KH3S-2YBP-LVBR-Y5SW-LGH4-IR2G-HG) =
MAI3-3253-XSCV-A575-WB27-XM7J-KQ5Z-TA3D-NPZT-UQED-PS6U-KTCP-YQFR-XECC MB4X-FCXI-V5LX-LKMP-7O6T-DEOS-NWSJ-DXJN-QOGM-WOFZ-INCN-QBAY-QBLC-XA5K
Combining the Web Service Endpoint and the fingerprint of the source Combining the Web Service Endpoint and the fingerprint of the source
UDF provides the URI from which the content is obtained using the UDF provides the URI from which the content is obtained using the
normal HTTP GET method: normal HTTP GET method:
https://example.com/.well-known/mmm-udf/MAI3-3253-XSCV-A575-WB27- https://example.com/.well-known/mmm-udf/MB4X-FCXI-V5LX-LKMP-7O6T-
XM7J-KQ5Z-TA3D-NPZT-UQED-PS6U-KTCP-YQFR-XECC DEOS-NWSJ-DXJN-QOGM-WOFZ-INCN-QBAY-QBLC-XA5K
Having established that Alice can read postal mail sent to a physical Having established that Alice can read postal mail sent to a physical
address and having delivered a secret to that address, this process address and having delivered a secret to that address, this process
might be extended to provide a means of automating the process of might be extended to provide a means of automating the process of
enrolment in electronic delivery of future invoices. enrolment in electronic delivery of future invoices.
1.3. Secure Internet Names 1.3. Secure Internet Names
A SIN is an Internet Identifier that contains a UDF fingerprint of a A SIN is an Internet Identifier that contains a UDF fingerprint of a
security policy document that may be used to verify the security policy document that may be used to verify the
skipping to change at page 18, line 49 skipping to change at page 18, line 49
a_0. a_0.
Applications MAY employ any approach that returns the correct result. Applications MAY employ any approach that returns the correct result.
The use of Lagrange basis polynomials is described in Appendix C. The use of Lagrange basis polynomials is described in Appendix C.
Alice decides to encrypt an important document and split the Alice decides to encrypt an important document and split the
encryption key so that there are five key shares, three of which will encryption key so that there are five key shares, three of which will
be required to recover the key. be required to recover the key.
Alice's master secret is Alice's master secret is
12 33 5C BF C8 28 C8 C6 EF E9 74 51 37 A9 B2 BD E0 9A 35 8C 1C EF C6 BD 93 45 5B 90 DF 0F F9 DE
This has the UDF representation: This has the UDF representation:
EAJD-GXF7-ZAUM-RRXP-5F2F-CN5J-WK6Q EDQJ-UNMM-DTX4-NPMT-IVNZ-BXYP-7HPA
The master secret is converted to an integer applying network byte The master secret is converted to an integer applying network byte
order conventions. Since the master secret is 128 bits, it is order conventions. Since the master secret is 128 bits, it is
guaranteed to be smaller than the modulus. The resulting value guaranteed to be smaller than the modulus. The resulting value
becomes the polynomial value a0. becomes the polynomial value a0.
Since a threshold of three shares is required, we will need a second Since a threshold of three shares is required, we will need a second
order polynomial. The co-efficients of the polynomial a1, a2 are order polynomial. The co-efficients of the polynomial a1, a2 are
random numbers smaller than the modulus: random numbers smaller than the modulus:
a0 = 24192792240122645239584041884141073085 a0 = 298547770840642716592281995430618724830
a1 = 275645827829392714511516865247251935089 a1 = 120536850713380656624540471398111677667
a2 = 338825755595477295605531041247661976348 a2 = 234563986398006021566410289735704897812
The master secret is the value f(0) = a0. The key shares are the The master secret is the value f(0) = a0. The key shares are the
values f(1), f(2)...f(5): values f(1), f(2)...f(5):
f(1) = 298382008744054191893257340947286773015 f(1) = 313366241031090931319858149132667088802
f(2) = 229375635676124939367868900210451791120 f(2) = 116747950175674262253505667442588825384
f(3) = 157456039957273351126793327105404338907 f(3) = 48975265195331172856599157792152146083
f(4) = 82623221587499427170030621632144416376 f(4) = 110048186090061663129138620181357050899
f(5) = 4877180566803167497580783790672023527 f(5) = 299966712859865733071124054610203539832
The first byte of each share specifies the recovery information The first byte of each share specifies the recovery information
(quorum, x value), the remaining bytes specify the share value in (quorum, x value), the remaining bytes specify the share value in
network byte order: network byte order:
f(1) = f(1) =
30 E0 7A 48 D8 4F DD 9B 38 7B B0 95 8A 9C 64 CD 30 EB C0 24 89 0C 41 82 E1 C4 4C 91 DA 10 6A 6F
17 A2
f(2) = f(2) =
31 AC 90 23 F9 85 95 22 B7 00 9E F1 69 2E 79 BD 31 57 D4 D6 5A 88 50 97 58 90 E3 B5 E6 61 90 B7
10 28
f(3) = f(3) =
32 76 74 EE 23 69 4F 5F 42 7E B4 87 EC ED E8 82 32 24 D8 4B 00 91 1D 04 21 F9 0A C7 B5 D2 82 D0
DB A3
f(4) = f(4) =
33 3E 28 A7 55 FB 0C 50 DA F5 F1 59 15 DA B1 1E 33 52 CA 82 7B 26 A6 C9 3D FC C1 C7 48 63 40 BC
78 13
f(5) = f(5) =
34 03 AB 4F 91 3A CB F7 80 66 55 64 E3 F4 D3 8F 34 E1 AB 7C CA 48 ED E6 AC 9C 08 B4 9E 13 CA 79
E7 78
The UDF presentation of the key shares is thus: The UDF presentation of the key shares is thus:
f(1) = SAYO-A6SI-3BH5-3GZY-POYJ-LCU4-MTGR-O f(1) = SAYO-XQBE-REGE-DAXB-YRGJ-DWQQ-NJX2-E
f(2) = SAY2-ZEBD-7GCZ-KIVX-ACPP-C2JO-PG6R-A f(2) = SAYV-PVGW-LKEF-BF2Y-SDR3-LZTB-SC3S-Q
f(3) = SAZH-M5HO-ENUU-6X2C-P22I-P3HN-5CBN-W f(3) = SAZC-JWCL-ACIR-2BBB-7EFM-PNOS-QLIK-G
f(4) = SAZT-4KFH-KX5Q-YUG2-6XYV-SFO2-WEPH-Q f(4) = SAZV-FSUC-PMTK-NSJ5-7TA4-OSDD-IC6B-G
f(5) = SA2A-HK2P-SE5M-X54A-MZKW-JY7U-2OH6-O f(5) = SA2O-DK34-ZJEO-3ZVM-TQEL-JHQT-ZJ4X-Q
To recover the value f(0) from any three shares, we need to fit a To recover the value f(0) from any three shares, we need to fit a
polynomial curve to the three points and use it to calculate the polynomial curve to the three points and use it to calculate the
value at x=0 using the Lagrange polynomial basis. value at x=0 using the Lagrange polynomial basis.
5. Variable Length UDFs 5. Variable Length UDFs
Variable length UDFs are used to represent fingerprint values Variable length UDFs are used to represent fingerprint values
calculated over a content type identifier and the cryptographic calculated over a content type identifier and the cryptographic
digest of a content data item. The fingerprint value MAY be digest of a content data item. The fingerprint value MAY be
skipping to change at page 45, line 16 skipping to change at page 45, line 16
return Result.Sign >= 0 ? Result : Result + p; return Result.Sign >= 0 ? Result : Result + p;
} }
} }
} }
13. References 13. References
13.1. Normative References 13.1. Normative References
[draft-hallambaker-mesh-architecture] [draft-hallambaker-mesh-architecture]
Hallam-Baker, P., "Mathematical Mesh Part I: Architecture Hallam-Baker, P., "Mathematical Mesh 3.0 Part I:
Guide", draft-hallambaker-mesh-architecture-07 (work in Architecture Guide", draft-hallambaker-mesh-
progress), April 2019. architecture-08 (work in progress), July 2019.
[draft-hallambaker-mesh-dare] [draft-hallambaker-mesh-dare]
Hallam-Baker, P., "Mathematical Mesh Part III : Data At Hallam-Baker, P., "Mathematical Mesh 3.0 Part III : Data
Rest Encryption (DARE)", draft-hallambaker-mesh-dare-01 At Rest Encryption (DARE)", draft-hallambaker-mesh-dare-02
(work in progress), April 2019. (work in progress), July 2019.
[draft-hallambaker-mesh-security] [draft-hallambaker-mesh-security]
Hallam-Baker, P., "Mathematical Mesh Part VII: Security Hallam-Baker, P., "Mathematical Mesh Part VII: Security
Considerations", draft-hallambaker-mesh-security-00 (work Considerations", draft-hallambaker-mesh-security-00 (work
in progress), April 2019. in progress), April 2019.
[draft-hallambaker-web-service-discovery] [draft-hallambaker-web-service-discovery]
Hallam-Baker, P., "DNS Web Service Discovery", draft- Hallam-Baker, P., "DNS Web Service Discovery", draft-
hallambaker-web-service-discovery-02 (work in progress), hallambaker-web-service-discovery-02 (work in progress),
April 2019. April 2019.
 End of changes. 28 change blocks. 
54 lines changed or deleted 54 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/